class ArticleCommentsController < ApplicationController
  before_filter :login_required, :find_discipline, :find_article
  access_control :destroy => 'admin'

  def new
  end

  def create
    @comment = @article.comments.build(params[:comment])
    @comment.user = current_user
    respond_to do |format|
      if @comment.valid? and @comment.save
        flash[:notice] = 'Comment was successfully created.'
        format.html { redirect_to discipline_article_path(@discipline, @article) }
      else
        format.html { render :action => 'new' }
      end
    end
  end

  def destroy
    @comment = @article.comments.find(params[:id])
    @comment.destroy
    flash[:notice] = 'Comment was successfully deleted.'
    redirect_to discipline_article_path(@discipline, @article)
  end

  def show
    # this is a spider trying to get here
    permission_denied
  end

  private

  def find_article
    @article = Article.find(params[:article_id])
  end

end
